At 12:47 PM -0700 5/26/07, Kyle Hamilton wrote:
>On May 26, 2007, at 11:06 AM, Paul Hoffman wrote:
>
>>If we adopt that model, they can. But, again, that's not what this
>>thread was about. It was about Mozilla unilaterally constraining the
>>names without asking the user based on a feature of the audit.
>
>...versus an "all-or-nothing" trust?
Correct: that is what we have now. FWIW, it is what essentially all
software that uses certificates for identification have.
>The security experts which make the decisions for Mozilla work for
>Mozilla. I'm not entirely certain there's a statement of crypto
>team guiding principles anywhere, but I think this is fairly
>common-sense:
>
>1) They must make the best judgement for individual user security
>that they can,
>2) in a fashion that is non-judgemental against potential trust anchors,
>3) while reducing market-share attrition based on security
>capabilities versus incapabilities.
>
>MoFo already has a statement on what a CA must do in order to be
>admitted to the distributed trust anchors. The problem comes when
>MoFo can't verify claims of audit compliance.
We disagree about the problem. To me, the problem is that, even if we
could constantly audit the security of a trust anchor's certificate
issuance configuration, we can never adequately audit the methods
they use to bind an identity with a particular private key.
The current thread is about a proposal that says, in essence, "we are
willing to accept a secret audit of a trust anchor that we cannot see
from a national government security agency, but if we accept that,
the trust anchor can only bind identities that contain a domain name
in that nation's TLD; trust anchors with non-secret audits can bind
any type of identity". To me, the first part is too much of a leap. I
agree with others who say "no secret audits", and the corollary to
that is that all trust anchors can bind any type of identity.
>If there's a governmental entity running it, then that government
>has the right to say what is correct within its own country -- the
>'government' is the entity in which all trust is placed, and the
>authority from which the right of audit is derived.
This has at least two significant problems.
- Without seeing the audit, we have no idea whether the security used
by the agency would pass muster for the identities being bound. This
means that the standards we hold VeriSign to for certificates whose
identities are in .kr different than the standards we hold KISA to.
When the user goes to foo.kr, they can't tell what level of security
Mozilla chose for the certifier.
- There are plenty of companies in Korea that are identified by
domain names outside of the .kr TLD. It is incredibly inconsistent
for us to say "we trust you for identities in this TLD but not that
one" when what little we know about their audit has absolutely
nothing to do with their ability to discern between companies using
one TLD versus another TLD.
>(Without governmental structure, there is no accountability, and
>without accountability, there's no reason to trust any claimed
>audit.)
Fully agree.
>The question outstanding is thus "does the governmental CA have any
>provision for attempting to certify entities outside of its borders?"
We have no way of knowing that with a secret audit.
>If no, then the way to describe the limitation would be in the
>Subject's "C" field ("C=FR").
This sounds unwise. If the CIA equavlent in the Democratic Republic
of Somewhere do a secret audit of the DRS NIST, we will allow DRS
NIST to issue certs with a subject of "CN=Our Local Mafia; C=DRS" and
a subjectAltName of "dnsName=www.ebay.com".
>If yes, then this entire discussion becomes moot.
>
>(Of course, the way X.509 was originally defined in the first place
>was that each country would get a CA certificate derived from the
>single, global trust anchor.)
And that worked ever so well...
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
